4951 A rule was ignored because its major version number was not recognized
Logged when a firewall rule’s major version number could not be recognized and the rule was ignored. It indicates that a defensive rule is not in effect because of a compatibility issue.
Overview
The subcategory is Audit MPSSVC Rule-Level Policy Change. The event is generated when the Windows Firewall cannot recognize a rule’s major version and ignores the entire rule. It arises from compatibility issues, such as an older OS being unable to interpret a rule created on a newer OS.
How it is triggered
- When the firewall is about to apply a rule whose major version it does not recognize and ignores that rule instead.
Security review points
- An ignored rule means the intended defense (a block, etc.) may not be in effect. Check whether an important block rule is being ignored.
- The cause is mostly compatibility or operational. However, since it creates a gap where “a rule you think is in effect is inactive,” review version consistency in rule distribution.
Notes for log review
- It can occur because of version differences in the environment. Check what the ignored rule does and whether it is defensively important.
- Review it together with the similar events 4952 and 4953 (partial ignore, parse failure) to assess the health of rule application.
Key fields
| Field | Meaning |
|---|---|
| Ignored rule | The rule in question |
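
The review described under "Notes for log review" can be scripted. The following is an added example, not part of the original page: it collects 4951 together with 4952/4953 from the local Security log and lists each affected rule once. The EventData field names `Profile`, `RuleId` and `RuleName` and the seven-day window are assumptions; adjust them to what the event XML in your environment shows.

```powershell
# Added example: list firewall rules that were ignored (4951) or reported by
# the related events 4952/4953 on the local host.
# Run elevated: reading the Security log requires administrative rights.
$since  = (Get-Date).AddDays(-7)   # look-back window (assumption)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4951, 4952, 4953
    StartTime = $since
} -ErrorAction SilentlyContinue    # suppresses the "no events found" error

if (-not $events) {
    Write-Output 'No 4951/4952/4953 events in the selected window.'
    return
}

$rows = foreach ($e in $events) {
    # Read all EventData fields by name so nothing depends on field order.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Profile     = $data['Profile']    # assumed field name
        RuleId      = $data['RuleId']     # assumed field name
        RuleName    = $data['RuleName']   # assumed field name
    }
}

# One row per distinct rule and event ID: how often it was skipped, on which
# profiles, and when it last happened. Review block rules in this list first.
$rows |
    Group-Object EventId, RuleId, RuleName |
    Sort-Object Count -Descending |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            EventId  = $first.EventId
            RuleName = $first.RuleName
            RuleId   = $first.RuleId
            Profiles = ($_.Group.Profile | Sort-Object -Unique) -join ','
            Count    = $_.Count
            LastSeen = ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum
        }
    } |
    Format-Table -AutoSize
```

A rule that reappears at every policy refresh points to a version mismatch in rule distribution rather than a one-off event.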